To fix this, you have to read the RFC (i dont know the number yet). In the RFC, it says that name servers must be given in "ns1 IN A ip.add.re.ss" form. that should fix the 1st problem (error)
A name server, if not recursive, will only answer the question presented to it if it knows the answer. It will not seek out the answer.
If a name server is recursive (otherwise known as forwarding) then it will go away and query other name servers in an attempt to answer the question, even if it had no knowledge of the answer to start with.
The recursive/forwarding type is useful for dumb clients with simple DNS capability to ask a question and get the answer without doing much work. Most workstations are like this (a typical Windows or UNIX installation).
The reason dnscheck mentions it is that because recursion is turned on, there is the potential problem of leakage between the forwarding part of the name server and the authoritative zone serving part. Typically this used to be done by asking a forwarder a question that could only be answered by contacting the attacker's DNS server, which would then respond with additional records which over-rule the zone serving component, hence poisoning the DNS and allowing the attacker to control the zone.
